[HttpClient] fix documentation of Cookies #19947

infinitum11 · 2024-06-07T08:54:55Z

HttpClient is used for sending HTTP requests, but not for responding to HTTP requests, so the following lines are invalid.

'headers' => [
    'Cookie' => new Cookie('flavor', 'chocolate', strtotime('+1 day')),
    // you can also pass the cookie contents as a string
    'Cookie' => 'flavor=chocolate; expires=Sat, 11 Feb 2023 12:18:13 GMT; Max-Age=86400; path=/'
],

PHP parses and populates the $_COOKIE array as follows which is wrong:

$_COOKIE = [
    "flavor" => "chocolate",
    "expires" => "Sat, 08 Jun 2024 08:34:15 GMT",
    "Max-Age" => "86400",
    "path" => "/",
    "httponly" => "",
    "samesite" => "lax",
];

So, one of the variances is to use the following syntax:

'headers' => [
    'Cookie' => 'foo=bar;baz=zap', 
    // Or an encoded format
    'Cookie' => sprintf("%s=%s", 'foo', rawurlencode('bar'))
],

See:

The text was updated successfully, but these errors were encountered:

javiereguiluz · 2024-06-14T15:24:45Z

@infinitum11 I think I'm missing something in your issue report. The format that you are proposing (xxx=yyy;aaa=bbb;...) is the same as the second format shown in the example. The only difference is that the Symfony example includes some white spaces. Is that the issue? Thanks.

infinitum11 · 2024-06-17T06:33:57Z

@javiereguiluz Technically they are the same, but semantically they differ. Let me explain.

When sending a cookie from a server to a client, you use the Set-Cookie HTTP Response header. For this, the Symfony\Component\HttpFoundation\Cookie class is used. It specifies attributes like path, domain, SameSite, etc.

However, when sending a cookie from a client to a server, you use the Cookie HTTP Request header (This is the HTTP Client case). There is no path, domain or other attributes, just key=value pair separated by ";".

So, when you set additional HTTP headers this way:

'headers' => [
    'Cookie' => new Cookie('flavor', 'chocolate', strtotime('+1 day')),
    // you can also pass the cookie contents as a string
    'Cookie' => 'flavor=chocolate; expires=Sat, 11 Feb 2023 12:18:13 GMT; Max-Age=86400; path=/'
],

the 6 (six) cookies are sent from the client to a server: flavor, expires, Max-Age, path, httponly, and samesite. Of course, this is not what we expect to receive on the server side.

javiereguiluz · 2024-06-17T08:59:53Z

@infinitum11 thanks a lot for the detailed explanation. It's clear to me now. I created #19968 to try to fix this. Thanks!

…reguiluz) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [HttpClient] Fix how cookies are defined and sent Fix #19947. Commits ------- 0643f16 [HttpClient] Fix how cookies are defined and sent

carsonbot added the HttpClient label Jun 7, 2024

javiereguiluz added the Waiting feedback label Jun 14, 2024

javiereguiluz added bug hasPR A Pull Request has already been submitted for this issue. and removed Waiting feedback labels Jun 17, 2024

carsonbot added the Status: Needs Review label Jun 17, 2024

javiereguiluz added this to the 5.4 milestone Jun 17, 2024

javiereguiluz mentioned this issue Jun 17, 2024

[HttpClient] Fix how cookies are defined and sent #19968

Merged

javiereguiluz removed the Status: Needs Review label Jun 17, 2024

xabbuh closed this as completed Jun 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[HttpClient] fix documentation of Cookies #19947

[HttpClient] fix documentation of Cookies #19947

infinitum11 commented Jun 7, 2024 •

edited

Loading

javiereguiluz commented Jun 14, 2024

infinitum11 commented Jun 17, 2024

javiereguiluz commented Jun 17, 2024

[HttpClient] fix documentation of Cookies #19947

[HttpClient] fix documentation of Cookies #19947

Comments

infinitum11 commented Jun 7, 2024 • edited Loading

javiereguiluz commented Jun 14, 2024

infinitum11 commented Jun 17, 2024

javiereguiluz commented Jun 17, 2024

infinitum11 commented Jun 7, 2024 •

edited

Loading